Sniffing RF Hardware Communication Packets

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then to narrow that traffic down to just the device from which you want data. He covers the protocol that is used, and his method of getting around MAC address verification on the hardware. In the end he can listen to all keyboard data without the target’s knowledge, and believes that it is possible to inject data using just the hardware on the badge.

7 thoughts on “Sniffing RF Hardware Communication Packets

  1. Really, rickrolling someone with the Next HOPE badge? That would be hilarious, and annoying. Good writeup though. Security isn’t really my forte but even I understood 99% of what was going on.

Leave a Reply to DigitalCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.